This question already has answers here:
Ruby obfuscator [duplicate]
(3 answers)
Closed 9 years ago.
were developing a ruby on rails application for a customer who wants the software to run on his server.
So, we want to have a mechanism that enables us to say that the customer may only use the software for a certain time.
Is there a way to "compile" the software that prevents the customer from tampering with the code?
Cheers,
Henning
I'm afraid this is far from trivial - ruby is script based, and there is no way to stop others from 'tampering' with your code.
There was a discussion about this on https://www.ruby-forum.com/topic/60047, and here is one possible suggestion:
One solution may be to compile a small app that takes an MD5, SHA, or
some other checksum of the ruby code and only executes it if it is in
an internal hash of allowed files. You could have user-based hashes of
allowed files based on who is logged in. Of course you will have to
rebuild this app every time you change the ruby code but that could be
automated. But a user could run the ruby code directly unless you
build in some dependency to the compiled app. If they can see the
source code, they can copy it, tamper with it, and run it.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Is there any way to do system testing with ruby?
I'm trying to test a multithreaded service (distributed in warbled in jar file) with having just SOAP inputs and STDOUT as outputs, and that's all what I have. I need to create custom, not trivial scenarios, and looking for the best way to do that. Google does not help with that.
System testing of software or hardware is testing conducted on a complete, integrated system to evaluate the system's compliance with its specified requirements. System testing falls within the scope of black box testing, and as such, should require no knowledge of the inner design of the code or logic.
UPDATE:
I suppose I had to say that I have 3 separate components with interaction between them. And this service, im talking about is like proxy for other 2. And if I just start to write code, I need to repeat lots of functionality. So yes I'm looking for some framework to mock both services and ability to create multiple of scenarios.
Yes, Ruby is excellent for system or application level tests.
I would recommend Cucumber. Cucumber is a Ruby application which lets you define an external DSL (Domain Specific Language) specific to your environment, and then use that DSL to write and run tests.
Here's the example Cucumber test (from the Cucumber home page):
Feature: Addition
In order to avoid silly mistakes
As a math idiot
I want to be told the sum of two numbers
Scenario: Add two numbers
Given I have entered 50 into the calculator
And I have entered 70 into the calculator
When I press add
Then the result should be 120 on the screen
That's written in the mini-language you define. These "step definitions" are in Ruby, using Cucumber's internal DSL:
Given /I have entered (.*) into the calculator/ do |n|
calculator = calculator.new
calculator.push(n.to_i)
end
These step definitions are what tie your custom external DSL to the code or system under test. This example tests a simple Ruby class, but Cucumber is fine for integrated testing of libraries or applications.
Keeping DRY is not a problem. Step definitions can call other step definitions, and since they are written in Ruby, you can easily put shared code into modules or classes for use by your step definitions.
All that's left to answer is whether Ruby and its available libraries have the capabilities needed to drive your test environment. Ruby is a good "glue" language, able to easily run other programs. It also has a fairly good set of libraries (called "Ruby gems") available, including several which can do soap (e.g. savon). Libraries are available for working with XML and interfacing with various protocols (HTTP, FTP, etc.).
I know a similar question has already been posed on StackOverflow, but it was posed over four and a half years ago, and I'm wondering if there have been any more recent solutions than those provided in the answers (particularly given that some of the projects mentioned appear to have been mothballed).
Briefly, I am developing a small, internal, social networking app in Ruby on Rails 3.2.6 and PostgreSQL. Currently, the app is hosted on a VPS (Ubuntu). The app is pretty much a "standard" app, but is dependent on both ImageMagick and FFMPEG libraries. Additionally, each staff member has an account on the system, so can upload data to it remotely from their own PC.
Without going in to too much detail, the app has worked quite well, to such an extent that some contacts have asked if they can use a version of the app on their own servers.
The obvious (I think) solution would be to make the source public on GitHub, and to encourage our contacts to clone the app and deploy it to their own server. However, there are all sorts of problems with this approach, in particular the fact that most of our contacts are not technically adept enough to install the correct versions of Ruby, Rails, PostgreSQL etc., and to debug stuff if these dependencies are installed incorrectly.
As an alternative we're looking into creating a distributable, "blank" (i.e. no content in the database - apart from, say, an admin account) version of the app, in which our contacts only need to set up, say, a Ubuntu server, double-click on the executable file and, hey presto, the app is available on their own server for their own staff to access.
So, my question is - what's the most appropriate solution here? A recent post suggested Warbler (and I'm considering JRuby), but I'm slightly confused as to whether this gem only allows the creation of standalone Rails apps (i.e. apps that can subsequently only be used on a single person's PC) or apps which can be hosted on a server and accessed by a wider group of people. Plus, it is essential that the app has access to ImageMagick and FFMPEG libraries through the relevant gems - I'm not sure if this impacts upon any decisions.
I realise this is quite an open question, and therefore there possibly aren't any simple solutions, but any feedback would be most helpful.
Thanks!
I am not sure if some link you gave already mentions it but one other option is to distribute an image (with everything properly installed) that your customers can load in a virtual machine. It's the approach GitHub Enterprise went with.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am looking at Erlang for a future version of a distributed soft-real-time hosted web-based telephony app (i.e. Erlang looks like absolutely the perfect choice for this kind of app). I come from a .NET background and the current version of this app uses a combination of C#, WCF and JQuery to deliver the service. I now need Erlang to allow me to add extra 9s to my up-time and to allow me to get more bang for my server bucks.
Previously I'd set up a development process here combining VS.NET, GIT, TeamCity and auto-deployment of MSI files to the various environments we maintain. It's not perfect, but we're all now pretty comfortable with it. I'm wondering whether a process like we have is even appropriate for such a radically different technology stack (LYME)?
I'm confident that all of the programming challenges we previously solved using .NET can be better solved in less code with Erlang, so I'm completely sold on the language choice. What I don't yet understand from reading the Pragmatic and O'Reilly books on Erlang, is how I should adapt my software engineering and application life-cycle management (ALM) processes to suit the new platform. I see that in-place code updates could make my (and my testing and ops team's) life much easier (compared to the god-awful misery of trying to deploy MSI files across a windows network) but I am not sure how things should change when I use Erlang.
How would you:
do continuous integration in Erlang (is it commonly used?)
use it during a QA cycle (we often run concurrent topic branches using GIT, that get their own mini-QA cycle, so they all get deployed into a test environment)
build and distribute your code to DEV, TEST, UAT, STAGING, and PROD environments
integrate code generation phases into your build cycle (we currently use MSBUILD + T4 templates)
centralize logging for a bunch of different servers (we currently use Log4Net, MSMQ, etc)
do alerting with tools like SCOM
determine whether someone/something has misconfigured your production servers
allow production hot-fixes only after adequate QA (only by authorized personnel)
profile the performance (computation and communication) of your apps
interact with windows-based active directory servers
I guess I need to know what worked for you and why! What tools and frameworks did you use? What did you try that failed? What would you do differently if you could start over, knowing what you know now?
Whoa, what a long post. First, you should be aware that the 99.9% and better kool-aid is a bit dangerous to drink while blind. Yes, you can get some astounding stability figures, but you need to write your program in a way facilitating this. It does not come for free. It does not happen by magic either. Your application must be designed in a way such that other subsystems recover. OTP will help you a lot - but it still takes time to learn.
Continuous integration: Easily done. If you can call rebar or make through your build-bot you are probably set here already. Look into eunit, cover and Erlang QuickCheck (the mini variant is free for starters) - all can be run from rebar.
QA Cycle: I have not had any problems here. Again, if using rebar you can build embedded releases that are minimized erlang vm's you can copy anywhere and run (they are self-contained). You can even hot deploy fixes to such a system pretty easily by altering the code path a bit so you have an overlay of newer fixes. Your options are numerous. Git already help you here a lot.
Environmentalization: Easily done.
Logging centralization: Look into SASL and the error_logger. You can do anything you want here.
Alerting: The system can be probed for all you need (introspection is strong in Erlang). But you might have to code a bit to hook it up to the system of your choice.
Misconfiguration: Configuration files are Erlang terms. If it can be computed, it can be done.
Security: Limit who has access. It is a people problem, not a technical one in my opinion.
Profiling: cprof, cover, eprof, fprof, instrument + a couple of distributed systems for doing the same. Random sampling is also easy (introspection is strong in Erlang).
Windows interaction: Dunno. (Bias: last time I used windows professionally was in 1998 or so).
Some personal observations:
Your largest problem might end up being that you try to cram Erlang into your existing process and it might resist. It is a new environment, so new approaches will be needed in places and you should expect to adapt and workaround limitations you find along the way. The general consensus is that it can work (it is working for several big sites).
It looks like you have a well-established and strict process. How much is that process allowed to be sacrificed to give way to a new kind of thinking?
Are your programmers willing to throw out almost all of their OO knowledge? If not, you will end with a social problem rather than a technical one. If they are like me however, they will cheer, clap in their hands and get a constant high by working with an interesting language solving an interesting problem in a new way.
How many Erlang-experienced programmers do you have? If you have rather few, then better cut your teeth on some smaller subsystems first and then work towards the larger goal. Getting the full benefit of the system takes months if not years. Getting partial benefit can be had in weeks though.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I recently told a friend that I was starting to learn Catalyst (Perl) and he fairly strongly emphasized that because Catalyst has so freakin' many dependencies, I should use something like Rails instead.
Isn't that a good thing that there are a lot of dependencies? Doesn't that indicate a lot of code re-use? I understand that there might be more effort involved with installing the framework but are there any other disadvantages?
I will resume my Catalyst tutorial until I get some juicy responses. :-)
There is nothing particularly wrong with this. The advantage of Catalyst is that its pieces can be used by people not using all of Catalyst. This means that there are more eyes looking at, and fixing bugs in, the critical parts.
The biggest complain I hear of is that it's annoying to watch all those messages go by in the CPAN shell as Catalyst is installing. The solution is to take advantage of your OS's package manager as you are getting started. On Debian, apt-get install libcatalyst-perl takes 15 seconds to install on a machine with no other Perl modules installed. 15 seconds. (A plain CPAN install is not difficult either, but I guess the standard CPAN shell asks you a lot of dumb questions, and that puts off the newbies.)
Don't worry about the dependencies, there are good tools for managing them, and they make the framework stronger and more flexible.
This is a subject I've seen postings about before. I've been meaning to write an article about it and have finally done so.
It is here: The Lie of Independence
I encourage you to read it. The gist is simple, though. The question is wrong. It's not 'Do you use an application or framework with lots of dependencies, or one that doesn't have them?'
It is: 'Do you use an application or framework that has lots of external dependencies, or one that tries to do it all internally?'
And the question that follows is 'Do you really have faith that the person or people writing this framework understand every nuance of every tiny detail of every task that needs to be done to process a web request?'
When there are version dependencies between components, you can find yourself backed into a non-working situation if you're forced to upgrade one component (say, for security reasons) before a compatible version of a dependent component is available.
That assumes you can get into a working state in the first place. It may be that if you try to use the current versions of all dependencies, you'll find that they don't play along.
The larger the number of dependencies, the greater the risk.
Rails isn't free of this problem, either. With every new Ruby release, there's a scramble to update instructions for how to get, say, database drivers built.
To be fair, this problem has trended towards "better" over time, albeit with bumps in the road.
My personal experience is that the more dependencies you have, the more versioning you have to keep track of, and this can lead to nightmarish situations. In particular, updating one dependency (due to a bug you want fixed, for example) can bring you compatibility issues with the other dependencies. As an example, I personally had a situation where gcc 4.0.3 worked with foo but not with bar (dependency of foo), and gcc 4.0.5 worked with bar but not with foo. Fortunately, 4.0.2 worked.
Also, more dependencies tend to point out at "Frankenstein's monsters" products, made of parts that were not designed upfront to play together. A well integrated framework is designed to play nice and consistent. This, of course, can be fixed by proper wrapping the differences.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I recently discovered Erlang and am now working my way through a couple of tutorials. By now I'm looking forward to actually implement something as a hobby project. I'm not really interested in yet another chat server. I would like to code something more interesting (yes I'm aware that this is a rather fuzzy term) which is also manageable, so I can finish it in my spare time.
Any suggestions?
Edit: The project should preferably highlight Erlang's strenghts (concurrency, distributed).
Build a distributed system that searches twitter feeds in real time and allows anyone to perform searches from a web front end.
Build a distributed file system. Implement distributed B*Trees or B+Trees as the base of this file system. Do it in erlang.
Build a distributed key value store on top of the distributed file system built in step 2.
Build a distributed web index (to be used by a distributed web search engine) on top of the key value store.
Build a distributed linker. Advanced build automation offers remote agent processing for distributed builds and/or distributed processing.
Build a MMORPG backend that relies on distributed storage of the game/player state and distributed processing of user requests.
For something for yourself, consider writing a simple server; something that, for example, services date/time requests or -- a little fancier -- an HTTP daemon that serves only static content.
The best part of Erlang is the way it handles concurrency; exercize that.
Project Euler, for sure.
Some things from my copious ToDo list that would both be good learning exercises and helpful to the erlang community at large:
Profile all the available Key/Value stores:
Write a library for testing insert, lookup, delete, search times for a variety of K/V stores
Create a benchmark suite people can run
Make it work with ets, dets, proplists, gb_trees, dict, orddict, redblack trees, bdb, tokyocabinet, ...
Produce pretty graphs
Make it easy to update, contribute to and run on anyone's machine
write a new io_lib:format routine that uses named parameters:
io_lib:nformat("Hi there ~{name}s~n.", [{name, "Bob"}]).
This is useful for internationalisation if the position of parameters changes when the language of the format string changes.
Extend erl -make (make.erl)
Allow adding code paths (so that you don't need to do erl -pa LibraryPath -make)
Compile/load behaviour modules before modules that implement those behaviours
Handle hierarchal modules correctly (output path in particular)
This doesn't exactly answer your question, but if you are looking for an interesting free, open-source project that is written in Erlang, you should definitely check out CouchDB. From the website:
Apache CouchDB is a distributed,
fault-tolerant and schema-free
document-oriented database accessible
via a RESTful HTTP/JSON API. Among
other features, it provides robust,
incremental replication with
bi-directional conflict detection and
resolution, and is queryable and
indexable using a table-oriented view
engine with JavaScript acting as the
default view definition language.
CouchDB is written in Erlang, but can
be easily accessed from any
environment that provides means to
make HTTP requests. There are a
multitude of third-party client
libraries that make this even easier
for a variety of programming languages
and environments.
The CouchDB website has more details. Happy coding!
find something erlang doesn't have that you understand and like. I did that with etap https://github.com/ngerakines/etap/ Now nick has taken over management and it's used internally at EA games. It was fun to make and like a previous poster it was something real so I learned to serve real world problems working on it.
File indexing/search system. This was going to by intro project but I've switched over to something else.
Once you've got it working you could move the indexes to mnesia, and then spread the thing out other nodes to a have a whole network index.